Export limit exceeded: 363576 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363576 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363576 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-100009 | 1 Joomlaskin | 1 Js Multi Hotel | 2025-04-12 | N/A |
| The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to obtain the installation path via a request to (1) functions.php, (2) myCalendar.php, (3) refreshDate.php, (4) show_image.php, (5) widget.php, (6) phpthumb/GdThumb.inc.php, or (7) phpthumb/thumb_plugins/gd_reflection.inc.php in includes/. | ||||
| CVE-2014-10001 | 1 Phpjabbers | 1 Appointment Scheduler | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller. | ||||
| CVE-2014-100010 | 1 Csphere | 1 Clansphere | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php. | ||||
| CVE-2014-100011 | 1 Sendy | 1 Sendy | 2025-04-12 | N/A |
| SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter. | ||||
| CVE-2014-100013 | 1 Clientresponse Project | 1 Clientresponse | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in clientResponse 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject or (2) Message field. | ||||
| CVE-2014-100014 | 1 Solidworks | 1 Product Data Management | 2025-04-12 | N/A |
| Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 opcode to port 3000. | ||||
| CVE-2014-100015 | 1 Solidworks | 1 Product Data Management | 2025-04-12 | N/A |
| Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload. | ||||
| CVE-2014-100016 | 1 Photocati Media | 1 Photocrati | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-sizes.php in the Photocrati theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the prod_id parameter. | ||||
| CVE-2014-100017 | 1 Phponlinechat | 1 Phponlinechat | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in canned_opr.php in PhpOnlineChat 3.0 allows remote attackers to inject arbitrary web script or HTML via the message field. | ||||
| CVE-2014-100019 | 1 Pomm-project | 1 Pomm | 2025-04-12 | N/A |
| SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-10002 | 1 Jetbrains | 1 Teamcity | 2025-04-12 | N/A |
| Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. | ||||
| CVE-2014-100020 | 1 Itechscripts | 1 Itechclassifieds | 2025-04-12 | N/A |
| SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685. | ||||
| CVE-2014-100021 | 1 Orangehrm | 1 Orangehrm | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the empsearch[employee_name][empId] parameter. | ||||
| CVE-2014-100022 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2025-04-12 | N/A |
| SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php. | ||||
| CVE-2014-100023 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter to wp-admin/edit.php. | ||||
| CVE-2014-100024 | 1 Seopanel | 1 Seo Panel | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-100025 | 1 Savsoft Technologies | 1 Savsoft Quiz | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in index.php/user_data/insert_user in Savsoft Quiz allows remote attackers to hijack the authentication of administrators for requests that create an administrator account via a crafted request. | ||||
| CVE-2014-100026 | 1 April\'s Super Functions Pack Project | 1 April\'s Super Functions Pack | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in readme.php in the April's Super Functions Pack plugin before 1.4.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2014-100027 | 1 Getusedtoit | 1 Wp Slimstat | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2014-100028 | 1 Webcrafted Project | 1 Webcrafted | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted allows remote attackers to inject arbitrary web script or HTML via the username. | ||||